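# Base NixOS module: declares the `mj.stateVersion` and `mj.timeZone` options
# and applies host-independent settings (locale, nix, sudo, packages, services).
# Rebuilt from a blame view: the interleaved timestamps and gutter bars are
# dropped so the file parses; all option values are unchanged.
{
  config,
  lib,
  pkgs,
  ...
}: {
  imports = [
    ./boot
    ./fileSystems
    ./snapshot
    ./sshd
    ./sshguard
    ./unitstatus
    ./users
    ./zfs
    ./zfsborg
  ];

  options.mj = with lib.types; {
    # Neither option has a default, so every host must set both.
    stateVersion = lib.mkOption {
      type = str;
      example = "22.11";
      description = "The NixOS state version to use for this system";
    };

    timeZone = lib.mkOption {
      type = str;
      example = "Europe/Vilnius";
      description = "Time zone for this system";
    };
  };

  config = {
    time.timeZone = config.mj.timeZone;

    # `mj.services.friendlyport` is declared outside this file; presumably this
    # allows the iperf3 port from the VPN range -- confirm in that module.
    # Only the port number is referenced here; whether an iperf3 server is
    # enabled is not visible in this file.
    mj.services.friendlyport.vpn.ports = [config.services.iperf3.port];

    i18n = {
      defaultLocale = "en_US.UTF-8";
      supportedLocales = [
        "en_US.UTF-8/UTF-8"
        "lt_LT.UTF-8/UTF-8"
      ];
    };

    nix = {
      # Daily garbage collection; generations older than 7 days are deleted,
      # which also bounds how far back a rollback can go.
      gc = {
        automatic = true;
        dates = "daily";
        options = "--delete-older-than 7d";
      };
      settings = {
        experimental-features = ["nix-command" "flakes"];
        # NOTE(review): a trusted user can override daemon settings (e.g. add
        # substituters or import unsigned store paths), which is effectively
        # root on this host. Treat this account's credentials accordingly.
        trusted-users = ["motiejus"];
      };
    };

    system.stateVersion = config.mj.stateVersion;

    security = {
      sudo = {
        # NOTE(review): passwordless sudo for wheel means any compromise of a
        # wheel account (stolen SSH key, hijacked session) is immediately root.
        # Wheel membership and SSH key hygiene are the only barrier; see
        # ./users and ./sshd.
        wheelNeedsPassword = false;
        # Only wheel members may execute the sudo binary at all, so other
        # local accounts cannot reach it.
        execWheelOnly = true;
      };
    };

    environment = {
      # Installed system-wide, i.e. on PATH for every user of the host.
      systemPackages = with pkgs; [
        jc # parse different formats and command outputs to json
        jq # parse, format and query json documents
        pv # pipe viewer for progressbars in pipes
        bat # "bat - cat with wings", cat|less with language highlight
        duf # nice disk usage output
        git
        htop
        file # file duh
        host # look up host info
        tree # tree duh
        lsof # lsof yay
        rage # encrypt-decrypt
        ncdu # disk usage navigator
        pwgen
        parted
        sqlite
        bonnie # disk benchmarking
        procps
        ripgrep
        vimv-rs
        sysstat
        bsdgames
        binutils
        moreutils
        perf-tools
        unixtools.xxd

        # networking
        dig
        nmap
        ngrep
        wget
        curl
        btop
        iftop
        whois
        ipset
        iperf3
        jnettop
        openssl
        tcpdump
        testssl
        dnsutils
        speedtest-cli
        prettyping
        # `pp` as a short alias for prettyping, built as a one-symlink package.
        (runCommand "prettyping-pp" {} ''
          mkdir -p $out/bin
          ln -s ${prettyping}/bin/prettyping $out/bin/pp
        '')

        # compression/decompression
        xz
        pigz
        zstd
        p7zip
        brotli
        zopfli
      ];
    };

    programs = {
      # The NixOS mtr module installs a capability wrapper so that non-root
      # users can run it.
      mtr.enable = true;

      tmux = {
        enable = true;
        keyMode = "vi";
      };

      neovim = {
        enable = true;
        vimAlias = true;
        defaultEditor = true;
      };

      # Evaluates to true only on x86_64-linux; disabled on every other platform.
      sysdig.enable = pkgs.stdenv.hostPlatform.system == "x86_64-linux";
    };

    # NOTE(review): refused connections are not logged, so port scans and
    # blocked probes leave no firewall trace; detection has to come from
    # other sources (e.g. service auth logs).
    networking.firewall.logRefusedConnections = false;
    # "loose" relaxes reverse-path filtering from the strict default: a packet
    # is accepted if its source is routable via any interface, not only the
    # one it arrived on.
    networking.firewall.checkReversePath = "loose"; # for tailscale

    services = {
      chrony = {
        enable = true;
        # NOTE(review): single time source, and NTS is not enabled in this
        # block, so time is taken unauthenticated from one server with nothing
        # to cross-check it against.
        servers = ["time.cloudflare.com"];
      };

      locate = {
        enable = true;
        locate = pkgs.plocate;
        # null: no dedicated unprivileged user for the index run; as far as I
        # know the NixOS module requires this with plocate -- confirm.
        localuser = null;
      };
    };
  };
}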